Hacker News new | past | comments | ask | show | jobs | submit login

> I find it hard to believe that any contemporary operating system can robustly prevent a locally executing program from tricking the average desktop user into entering the administrator password equivalent to TFA's /tmp/sudo example, not on today's average computer.

Qubes OS can. Though it's not for the average users.




It's more that it makes said sudo much less effective. You still can get tricked inside the VM or a canny enough attacker will find a bypass for VM security.

It is a somewhat higher bar though.

The point is moot, as the most destructive attacks are ransomware, which this limits but does not prevent, website ID (login, address, credit card) and data theft, phishing and scams. None of which is prevented by Qubes.

Evil maid attacks are frustrated though if you install its extra security features.

However, it is wise to remember that security is as strong as the weakest link, so do use it if you're an admin or dev.


> The point is moot, as the most destructive attacks are ransomware, which this limits but does not prevent

Qubes OS assumes (promotes and helps with) that you do not open random links inside your banking or important VM. You can even open links automatically in a disposable VM upon a mouse click. It should help here I guess.

> bypass for VM security

VT-d virtualization was broken only once by a software attack. An it was done by the Qubes founder.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: